How to use Splunk Secure Gateway in Splunk Cloud?


Hi Team,


We got an requirement to use the "Splunk Secure Gateway" app in our ES- Search Head and our Search head is in Splunk Cloud.

Splunk Secure Gateway version is 3.0.9

Splunk Cloud version 8.2.2203.2

We have already provided the Authentication to the Search Head via SAML (Azure) and we have created few groups ess_admin, ess_analyst, ess_user etc and provided authentication to the users and the users are logging into SH via SAML.


So when I navigated to the App" Splunk Secure Gateway" in the Search head it says a message as "SAML needs to be set up for Connected Experiences before devices can be registered" i.e. To configure SAML.

Then when i clicked Configure SAML it navigates to the next page and here when I clicked "Connect to a SAML IdP" (Mentioned as Needs Action) so when i clicked the Take Action under Okta or Azure option it has navigated to SAML Groups page.

And after which I am not sure what should i need to do and moreover when I tried to create authentication token i am getting an error as below "Token creation failed because: Cannot use tokens for SAML user xxx because neither attribute query requests (AQR) nor scripted auth are supported."


So kindly help me on how to use the app "Splunk Secure Gateway" in our Splunk Cloud Search head. 



Labels (2)


wondering if anyone has more insight on this one. I am having the same issue. we use azure to authenticate and have been for a while but when I go to set this app up (again) i'm just taken to our SAML page which already has a SAML configuration.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Updates (ESCU) - New Releases

In the last month, the Splunk Threat Research Team (STRT) has had 3 releases of new content via the Enterprise ...

Thought Leaders are Validating Your Hard Work and Training Rigor

As a Splunk enthusiast and member of the Splunk Community, you are one of thousands who recognize the value of ...

.conf23 Registration is Now Open!

Time to toss the .conf-etti 🎉 —  .conf23 registration is open!   Join us in Las Vegas July 17-20 for ...